Microsoft has released a fix for Windows 11 and Windows 10 devices for a BitLocker bypass security flaw. The company has developed two sample PowerShell scripts that allow system and IT administrators to automate the Windows Recovery Environment (WinRE) update process to mitigate a BitLocker security bypass vulnerability (CVE-2022-41099).
If you are wondering about the differences between the two scripts, Microsoft says that its first script, the recommended one, is more robust and applies to Windows 10 version 2004 and later, as well as Windows 11. The second, general script is mainly for devices running Windows 10 version 1909 and older, but it too works on all versions of Windows 11 and Windows 10.
The company writes:
Microsoft has developed a sample PowerShell script that can help you automate updating the Windows Recovery Environment (WinRE) on deployed devices to address the security vulnerabilities in CVE-2022-41099.
Sample PowerShell script
The sample PowerShell script was developed by the Microsoft product team to help automate the updating of WinRE images on Windows 10 and Windows 11 devices. Run the script with Administrator credentials in PowerShell on the affected devices. There are two scripts available—which script you should use depends on the version of Windows you are running. Please use the appropriate version for your environment.
You can find more details regarding the scripts, as well as their installation process, in Microsoft's official advisory on the topic under KB5025175.
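Before running either script, it helps to confirm on each device that the session is elevated, whether WinRE is enabled, and which of the two scripts the version rule above selects. The following pre-flight check is an added example, not Microsoft's script from KB5025175; it assumes that build 19041 corresponds to Windows 10 version 2004 and that `reagentc.exe /info` prints English output, and the function names are hypothetical.

```powershell
# Added pre-flight check; this is not Microsoft's script from KB5025175.
# Assumption: OS build 19041 corresponds to Windows 10 version 2004.
$FirstBuildFor2004 = 19041

function Get-WinREScriptChoice {
    # Apply the version rule from the article to an OS build number.
    param([Parameter(Mandatory)][int]$Build)
    if ($Build -ge $FirstBuildFor2004) {
        'recommended script (Windows 10 version 2004 and later, Windows 11)'
    } else {
        'general script (Windows 10 version 1909 and older)'
    }
}

function Test-IsElevated {
    # The scripts must be run with Administrator credentials.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-WinREStatus {
    # reagentc.exe /info reports the WinRE configuration and needs elevation.
    # Assumption: English output containing a "Windows RE status:" line.
    $info = & reagentc.exe /info 2>&1 | Out-String
    if ($info -match 'Windows RE status:\s*(\w+)') { $Matches[1] } else { 'Unknown' }
}

$regPath  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build    = [int](Get-ItemProperty -Path $regPath).CurrentBuildNumber
$elevated = Test-IsElevated

# One object per device, suitable for collecting into an inventory report.
[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Build        = $build
    Elevated     = $elevated
    WinREStatus  = if ($elevated) { Get-WinREStatus } else { 'Not checked (run elevated)' }
    ScriptToUse  = Get-WinREScriptChoice -Build $build
}
```

A device that reports `Disabled` or `Unknown` for WinRE status is worth reviewing by hand before the update script is run against it.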